strategies and analysis from...

Confidence in a connected world. CIO Digest STRATEGIES AND ANALYSIS FROM SYMANTEC CIO JANUARY 2009 Sr. VP, Transformation, Telstra Tom Lamming Tom Lamming Plus IT GRC: Turning Risks into Returns The Double-Edged Sword of IP Convergence

Upload: voanh

Post on 20-Mar-2018


Page 1: STRATEGIES AND ANALYSIS FROM SYMANTECeval.symantec.com/.../articles/b-ciodigest_january09_magazine.pdf · STRATEGIES AND ANALYSIS FROM SYMANTEC JANUARY 2009 Sr. VP, ... Magazine Subscription

Confidence in a connected world.

CIO Digest
STRATEGIES AND ANALYSIS FROM SYMANTEC

JANUARY 2009

Tom Lamming
Sr. VP, Transformation, Telstra

Plus
IT GRC: Turning Risks into Returns
The Double-Edged Sword of IP Convergence


© 2008 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.


CONTENTS

FEATURES

[ COVER STORY ]
[10] Getting to One Click
Tom Lamming is leading Telstra on an IT transformation the size of the Australian Outback that is focused on delivering an unrivaled customer experience.
By Patrick E. Spencer

[ INDUSTRY FEATURE ]
[14] The Double-Edged Sword of IP Convergence
As IP-based networks gain ground, telcos are turning security threats and availability challenges into new opportunities.
By Ken Downie

[ SOLUTIONS FEATURE ]
[18] Turning Risks into Returns
Firms with strong IT GRC results enjoy much better performance when it comes to satisfying customers and growing revenues and profits. The principles of good IT GRC are in fact the principles of good IT management.
By Alan Drummer

DEPARTMENTS

[ Chairman’s Note ]
[3] Software-as-a-Service: Moving Beyond the Buzz
By John W. Thompson

[ Upload ]
[4] Symantec Security Technology & Response
To Catch a Thief
Behavioral protection monitors potentially malicious software and network streams
By Stephen Trilling

Executive Q&A
The High Returns of Risk Management
Innovations and best practices substantially reduce information risks
By Alan Drummer

[ EMEA ]
[22] A Rapid IT Ascent
IT standardization turbocharges business value and propels agility and flexibility at Piaggio Aero—the “Ferrari of the Air”
By Patrick E. Spencer

[ APJ ]
[26] The Making of an Iconic IT Production
A fascinating IT journey uncovers unique business value in asset management, workflows, and the helpdesk at healthAlliance NZ
By Patrick E. Spencer

[ Latin America ]
[30] Continual Transformation
Developing infrastructure solutions without a software and hardware agenda at Brazilian IT solutions provider TIVIT
By Mark L.S. Mullins

[ North America ]
[32] Beneficial Change
A massive IT consolidation effort aligns IT services and the business of government to deliver change the State of Michigan can believe in
By Mark L.S. Mullins

Cover photo by Justin Malinowski


SYMANTEC RESOURCES

Visit us online at www.symantec.com/business and take advantage of a world of resources to help you have confidence in your connected world.

About Us: Corporate profiles, management team, investor relations, careers. It all starts right here. www.symantec.com/about

Partners: Find the perfect partner to help you manage your IT needs. www.symantec.com/partners

Enterprise Solutions: Software, services, and solutions to manage your most valuable assets: your information. www.symantec.com/solutions

Enterprise Online Store: Do you know what you need already? Shop quickly and conveniently online. www.symantec.com/solutions

Internet Security Threat Report: Up-to-the-minute information on the latest vulnerabilities and threat vectors. www.symantec.com/threatreport

Technical Resources: A technical community to help your IT team keep your systems up and running, no matter what. www.symantec.com/stn

Podcasts: For people on the go, podcasts deliver news, product information, and strategies you can use. www.symantec.com/podcast

INFORM: Benchmarking straight from the source—your peers. www.symantec.com/inform

Yellow Books: Symantec Yellow Books help you save time by providing best practices for your specific environment. www.symantec.com/yellowbooks

Book Smart: Symantec Press offers a variety of executive, enterprise, and consumer titles. www.symantec.com/symantecpress

Customer Success: See how others in your industry succeed with Symantec. www.symantec.com/customersuccess

Events: Our events calendar. www.symantec.com/events

Consulting Services: Expert consulting services from the leader in information protection and availability. www.symantec.com/globalservices

Education Services: Maximize your IT investment with a skilled, educated workforce. www.symantec.com/education

Managed Security Services: Complete, cost-effective security managed response services. go.symantec.com/managedservices

Early Warning Services: Prevent attacks before they occur with customized, comprehensive alerts of worldwide cyber attacks. go.symantec.com/earlywarningservices

Webcasts: From endpoint security to information management, storage to security, and everything in between. www.symantec.com/webcasts

2 CIO Digest January 2009

Online Extras

Online Services—Get the Benefits Without the Maintenance

By getting services online rather than building out the software and hardware infrastructure to provide them, businesses are increasingly shifting the burden of deploying and maintaining enterprise applications to vendors. Benefits of a software-as-a-service model include faster time to value, a quicker ability to scale, less risk and up front investment, and lower annual operating costs in equipment and support staff.

Since the online service vendor’s business depends on service quality and securing customer data, these services are protected by considerable investments in state-of-the-art security and delivery technologies. The overall result is that more than 94 percent of organizations using an online service are satisfied and plan to renew. Read more at go.symantec.com/SaaSCIODigest.

IT Priorities in the 2009 Economy

Few in September 2008 would have predicted economic conditions as tough as the ones we’re facing now. How is the downturn changing the way businesses think and behave and serve their customers? How has this impacted IT priorities for 2009? Are companies retooling existing projects or redefining challenges? Read more at go.symantec.com/2009priorities.

CIO Digest Editor-in-Chief Blog

Gain insights, highlights of new online-only content, and interact with the CIO Digest editorial team. Check out the Editor-in-Chief blog at go.symantec.com/CIODigestBlog.

CIO Digest


CHAIRMAN’S NOTE

Software-as-a-Service: Moving Beyond the Buzz

Over the past few months I’ve noticed a constant theme running through my conversations with many customers—they want choice. While this certainly isn’t new, it has become a more prominent issue as they think through their IT investment plans for the coming years. For many customers—big and small—this may mean considering a combination of on-premise and off-premise—or Software-as-a-Service (SaaS) solutions.

As businesses continue to grow and address the new challenges presented by the economy, SaaS may give them added flexibility in how they manage their technology investments by providing access to world-class technology, infrastructure, and people. SaaS can also give organizations the ability to predictably control a large part of their IT costs and reduce risks when deploying important new infrastructure capabilities. Many of the early adopters, including Symantec, have discovered the benefits associated with out-tasking some of their most critical information management challenges to allow their internal teams the ability to re-focus on driving innovation.

The potential benefits of SaaS are obvious. However, you must carefully evaluate the partner you select to ensure there is strong alignment between your goals and their delivery model. Make sure that you have service level agreements in place that allow you to entrust data to an online service, ensuring that the service and support will be available when you need it. You should also expect a SaaS vendor to be a leader in IT infrastructure offerings and have a disaster recovery plan in place that ensures the security, reliability, and availability of their applications and data. Lastly, look for a solution that is easy-to-use and doesn’t require additional IT staff or infrastructure investment.

This issue features an exclusive interview with Tom Lamming, senior vice president, transformation, at Australian media-communications giant Telstra, as well as features on IT GRC (governance, risk management, and compliance) and IP convergence in the communications segment. I also encourage you to check out the new Online Extras area for CIO Digest, which includes an article on SaaS.

The coming year may prove to be one of the most exciting in the IT industry as we look to take full advantage of the many new services to be delivered. And we look forward to working with you as you explore this new horizon.

Regards,

John W. Thompson
Chairman of the Board and CEO, Symantec Corporation

Publisher and Editor in Chief: Patrick E. Spencer, PhD
Managing Editor, Case Studies: Mark L.S. Mullins
Managing Editor, Content: Donna Tarlton
Managing Editor, Upload: Dee V. Sharma
Design Director: Joy Jacob
Contributing Writers: Ken Downie, Alan Drummer, Mark L.S. Mullins, Dee V. Sharma, Patrick E. Spencer
Circulation Manager: Bharti Aggarwal
Web Producer: Rebecca Donaldson
Podcast Producer: Wendell Davis

Symantec Marketing
Senior Vice President: Carine Clark
Vice President: James Rose

Subscription information
Online subscriptions are free to individuals who complete a subscription form at www.symantec.com/ciodigest/subscribe. For change of email address, please send an email to [email protected].

Magazine Subscription Customer Service
Please email us at [email protected].

Privacy Policy
Symantec allows sharing of our mail list in accordance with our corporate privacy policies and applicable laws. Please visit www.symantec.com/about/profile/policies/privacy.jsp or write us at [email protected].


[UPLOAD]

4 CIO Digest January 2009

SYMANTEC CHRONICLES

[ Blast Off with Norton ]
Norton 2009 is smart security—engineered for speed and weightlessness. The latest version has minimal impact on PC resources while delivering maximum protection against looming threats in cyberspace.

To underscore this message, Symantec presented the Blast Off with Norton campaign. This past September, the company invited journalists from around the world to Las Vegas and treated them to parabolic zero-gravity flight over the Nevada desert.

Completing many of the same exercises NASA uses to train astronauts, they experienced true weightlessness. Word of this once-in-a-lifetime experience spread quickly through blog postings and videos, generating a terrific online buzz about Norton and the campaign.

Excitement is now building about the Blast Off with Norton contest, in which up to 35 participants can win a seat on a chartered zero-gravity flight in February 2009. Register now for a chance to win at www.norton.com/space.

[ Symantec PartnerEngage 2008: A Capital Event ]
Beginning with a reception at Washington D.C.’s Newseum and ending with an evening at the Smithsonian Air and Space Museum, this year’s

>Continued on page 8

SECURITY TECHNOLOGY AND RESPONSE

To Catch a Thief

By Stephen Trilling, Vice President of Security Technology and Response (STAR)

Behavioral protection can provide an added layer of defense against malicious software and guard systems from threats for which no virus signatures yet exist.

Writing virus signatures—the classic mechanism for detecting and stopping threats—is analogous to using fingerprint matching to catch criminals. If you’re looking for a known criminal who has a fingerprint on file, it’s a perfect system. If you don’t have their fingerprint yet, this traditional “blacklisting” mechanism isn’t effective.

Heuristic technology—examining the attributes of files on disk to check for suspicious characteristics—takes threat detection a step further. To continue our analogy, if you see a person walking down the street in the middle of summer wearing an ankle length coat with something obviously concealed underneath, you identify their appearance as “suspicious.” Although you might not have their fingerprint, the individual may still represent a security threat and therefore warrant further investigation.

Beyond blacklisting and heuristics, the last line of defense is behavioral protection technology. This involves monitoring actively running software and network streams for behavioral patterns that could be malicious. Using this approach, it is possible to identify entirely new threats or classes of threats by examining their behavior. Once you determine that a threat is exhibiting suspicious behaviors, you can block it and, in many cases, clean up any damage it has already caused.

Back to our criminal analogy, if someone breaks into a store and walks out with something, the police can arrest the person based on behavior alone. Of course, if the individual was a known criminal, fingerprinting may have stopped him from entering the store in the first place. Nevertheless, any further damage is averted.

Symantec’s behavioral protection technologies can catch entirely new and unknown malware that has bypassed classic, fingerprint-based antivirus protection and heuristic protection. There are three components to this behavioral technology, all of which work together.

The first two components are primarily intended to prevent malicious software from getting onto your computer in the first place. The first of these, Network Intrusion Prevention, scans both incoming and outgoing network streams to identify suspicious traffic. If suspicious incoming traffic is observed, it can be blocked before it reaches the computer and does damage. If suspicious outgoing traffic is observed as originating from a program on the computer, the program can be blocked from doing further damage on the computer.

The second component, Symantec Browser Defender, integrates directly into popular Web browsers—between Web pages and the browser’s logic—and applies “virtual patches” to all known vulnerabilities in the browser. This can stop malicious attacks that may occur inside the browser when visiting a malicious Web site; for example, it can prevent malicious JavaScript from running in the browser and doing damage to your machine.

Joyce Hesselberth


symantec.com/ciodigest 5

Symantec Executive Q&A

The High Returns of Risk Management
What innovations and best practices substantially reduce information risks?
By Alan Drummer

A few key initiatives—and sometimes not the most obvious ones—can make the biggest difference in minimizing your company’s information risks. That’s the conclusion of this conversation with Francis deSouza, Symantec’s Senior Vice President, Information Risk Management Group. deSouza also details key benefits of the three products at the core of Symantec’s Information Risk Management (IRM) strategy: Brightmail Gateway 8.0, Data Loss Prevention 9.0, and Enterprise Vault 8.0.

Q. Francis, if c-level decision makers have only 30 seconds with you, what key points should they take away?
A. Francis: While it’s important for CIOs to protect their company’s infrastructure, it is increasingly more important for them to protect their company’s information. Information is often their most valuable asset—and in many cases the most vulnerable asset. The key is to understand what important information exists in the company.

Q. What would you say are the building blocks of a cohesive strategy for protecting unstructured information?
A. Francis: There are four building blocks. First, keep the bad stuff out—such as phishing attacks or spam. Second, keep the good information in. Understand what the important information assets are within a company, where they are, and ensure they can only leave the company appropriately, with adequate protection. This is called data loss prevention. The third priority around information risk management is archiving. Companies need to retain information only for a required period—not a day longer. They need to understand retention requirements for different types of information such as email and files—and then apply those policies consistently. The fourth priority is around e-discovery. Companies need to be able to retrieve requested information in a timely way—either for data mining, or to respond to an e-discovery request quickly.

Q. To support those priorities, what new capabilities is Symantec offering in messaging security?
A. Francis: We invest heavily in making sure that we offer the best and most comprehensive threat protection out there. That means we spend a lot of time not only delivering our award winning antivirus capability but also an antispam capability that delivers the industry’s highest effectiveness with the lowest false positive rates. We also have focused on delivering the most scalable offering in the market today. Our threat management products are in use by some of the world’s largest ISPs to manage over 300 million mailboxes—and they’re also in use all the way down to small businesses and home offices. The third area we’ve invested in is manageability. We make sure that our products are simple to install and configure, and customers can get up and running as fast as possible. The other area we’ve invested in is being the only company in the world that looks at incoming messages to capture threats and outgoing messages to stop the leak of sensitive information.

Q. Data loss prevention—what is Symantec developing in this area?
A. Francis: We acquired Vontu—the pioneer in data loss prevention. That means Symantec now serves over half of the data loss prevention marketplace. And our innovations are focused on ensuring you can protect sensitive information across your enterprise. That includes understanding where confidential information is both at rest and in motion—whether it’s entering or leaving your company through email, Web messaging, USB drives, the printer, or on mobile endpoints.

Symantec PartnerEngage conference was held October 15–17, 2008. To kick off the event, Symantec treated attendees to a media tour of its D.C.-based Security Operations Center, where they enjoyed a rare behind-the-scenes glimpse of Symantec security researchers scanning for all forms of Trojans, botnets, executables, and other malicious attacks. To find out more about this event and other partner resources, visit www.symantec.com/partners.

[ FORTUNE’s Most Admired ]
Innovation, leadership, financial strength—all traits shared by the winners of FORTUNE Magazine’s annual list of “America’s Most Admired Companies.” FORTUNE and its survey partner, Hay Group, queried more than 3,700 people from dozens of industries to select the companies they admire most. Symantec ranked fourth in the “Computer Software” category on this year’s list. The definitive report card on corporate reputation, the survey considered eight categories to identify the winners. For more about this event and other partner resources, visit go.symantec.com/Fortune-IndustryChamps.

[ Leading the Market in Messaging Security ]
With the acquisition of MessageLabs now complete, Symantec strengthens its commitment to the Software-as-a-Service (SaaS) model. According to IDC, this acquisition extends Symantec’s lead in the messaging security market to twice the market share of its closest competitor. Protecting more than three billion email

>Continued on page 6


6 CIO Digest January 2009

Symantec Executive Q&A
Continued from page 5

Q. On another topic—email storage costs and e-discovery costs are hard to control and are pain points in many organizations. What relief does Symantec offer?
A. Francis: We see customer email storage typically growing at 30 to 70 percent a year. So we’ve done a lot of work on Symantec Enterprise Vault to deliver the industry’s most efficient message archive. We’ve invested in technologies such as single instancing, so only a single instance of multiple copies of a PowerPoint attachment is stored. In e-discovery, we’re addressing a different challenge. It may cost a dollar just to store a gigabyte of information, but it can cost up to $30,000 to have lawyers review that gigabyte. For this business requirement, we have Enterprise Vault Discovery Accelerator. With it, customers can fulfill a legal request in a matter of minutes or hours that might have previously taken weeks.

Q. That’s powerful. Companies might be discouraged by the number of projects they should be launching in IRM. What’s the easiest ROI?
A. Francis: One of the quickest paybacks can come from our Brightmail Gateway solution. By blocking spam, it reduces the volume of incoming messages, saving bandwidth, storage, and messaging processing costs—and shielding employees from productivity loss. Another quick payback opportunity is email archiving. Customers reclaim large amounts of primary disk space—which often costs up to $45 per gigabyte—by implementing Enterprise Vault. At Symantec.com we have a number of ROI tools that quickly calculate the potential payback. When it comes to data loss prevention, the payback is in cost avoidance. Customers build a business case for a data loss prevention solution around the costs of notifying customers of a data breach, along with the severe damage to a company’s reputation. When it comes to e-discovery, customers often hit seven-figure litigation costs at a minimum. That’s strong justification for getting Enterprise Vault and Enterprise Vault Discovery Accelerator.

Q. What would you say are the most typical “barn doors” that companies forget to lock before the horses escape?
A. Francis: Great question. I think that there are a few. Customers don’t always have the best handle on what their sensitive information is, and where it lives within their company. And it’s too late to start looking when somebody loses a laptop or there’s a data breach. A second area of high risk is not having an e-discovery infrastructure in place. When a company is hit by litigation, it’s then hit with a double whammy. One is that it’s hard to retrieve requested information fast—and often that results in unfavorable reactions from the legal system. Second, because the retrieval infrastructure is not in place, the cost of getting the information is very high.

Q. Good tips. It’s said that information risk management requires more than solutions—it takes an awareness and discipline in all employees. What best practices have you seen for spreading that awareness and discipline?
A. Francis: One valuable practice is to proactively communicate within a company about the importance of information assets—and teach every employee how to protect those assets. Which information is sensitive? What practices are inappropriate? Employees should know if it’s inappropriate to send information to their Hotmail or Gmail accounts to work on at home. Policies need to be clearly laid out. Second, employees need to clearly understand retention guidelines. What should be kept? For how long? When should it be deleted? A third best practice is to communicate that messages should be retained in a central archive—and not on desktops or in file shares. This ensures that when a message is deleted, it’s deleted everywhere.

Alan Drummer is Creative Director for Content at NAVAJO Company.

Podcast
Check out the Executive Q&A Podcast with Francis deSouza at go.symantec.com/QAdeSouza

connections, MessageLabs brings a well established suite of online services for messaging and Web security. These online and hosted services, software, and appliances complement the offerings available through the Symantec Protection Network. To learn more about the MessageLabs acquisition, visit go.symantec.com/messagelabs.

[ Information Management: Deconstructed ]
As storage costs rise and security risks intensify, IT managers are faced with many challenges. A root cause? Managing massive amounts of unstructured data. Email, instant messages, and other unstructured information combine to form a major driver in the need to manage information risk. Symantec’s Information Risk Management (IRM) strategy encompasses products to help organizations secure and manage all types of unstructured information. Enabling businesses to protect their data (wherever it resides), reduce storage costs, and automate workflows, IRM is a comprehensive offering to ease the burden on any IT staff. The suite includes antispam and antivirus protection; content filtering and content control; an archive platform for unstructured content; and a solution to discover, monitor, and protect confidential data.

At the heart of Symantec’s IRM solution are three market-leading products for messaging security, archiving,

>


8 CIO Digest January 2009

and data loss prevention—Symantec Brightmail Gateway 8.0, Symantec Enterprise Vault 8.0, and Symantec Data Loss Prevention 9.0. This comprehensive IRM suite enables organizations to secure and manage unstructured data, while reducing cost and mitigating risk. For more information visit go.symantec.com/information-management.

[ Prosperity—underground ]
While the real economy suffers, the online underground economy prospers. The latest Symantec Report on the Underground Economy tells the tale of an online underground economy that has matured into an efficient, global marketplace in which stolen goods and fraud-related services are regularly bought and sold, and where the estimated value of goods offered by individual traders is measured in millions of dollars. The report is derived from data gathered by Symantec’s Security Technology and Response (STAR) organization and from underground economy servers between July 1, 2007 and June 30, 2008. Stolen credit card information is the most advertised category of goods and services in this underworld, selling for as little as $0.10 to $25 per card. Stolen bank account information, on the other hand, can sell for as much as $1,000, and the average advertised stolen bank account balance is nearly $40,000. For more information visit go.symantec.com/underground-eco.

Tech Trends…

In its 2008 Technology Survey, the International Legal Technology Association (ILTA) reports that a significant number of legal firms, 23 percent, have a “green” initiative or program, while another 21 percent indicate they are working on such a program. In line with this, 80 percent of the firms that were already using virtual server technology reported they increased their investments in virtualization solutions since last year.

While managing email is still the most significant challenge, an interesting new trend in this area is the practice of restricting the “Reply to All” button. Of course, it makes sense that a “Reply to All” with several thousand users will generate many more problems than at a smaller organization. The results bear this out—a third of very large firms find this restriction necessary.

The survey covered 537 respondents representing firms with attorney counts ranging from 5 to 3,400. More than 108,000 attorneys and 245,000 total end users are represented by the data. Responses came from Canada, Australia, the United Kingdom, and the United States.

[Figure: Trends in the use of virtualization technologies, 2008 and 2007. Axis: 0 to 50. Categories: No virtualization in our environment at this time; Non-critical server; Some mission-critical servers; Data center is largely or completely virtualized; Test environment/lab only; Infrastructure servers; Other.]

>> Legally Covered

In its latest benchmark research report entitled “Improving Results for Legal Custody of Information,” the IT Policy Compliance Group finds that firms with the most mature practices for legal custody of information spend between 75 to 94 percent less on the task than those with the least mature practices. Only about 1 in 10—12 percent—of firms have the technology needed to notify employees about a legal hold in less than an hour and respond to legal requests for information within one day. These firms have greater confidence in the accessibility, integrity, and accuracy of the records—key considerations for lawyers. Source: IT Policy Compliance Group, 2008. View the complete report at www.itpolicycompliance.com.

Symantec Security Technology and Response
Continued from page 4

The third component, called SONAR, is intended to stop malicious programs that are already on your computer. SONAR uses process-based behavior blocking to monitor all running programs, note any suspicious characteristics, and remove applications that exceed a predefined risk threshold. Details about key executables are anonymously communicated back to Symantec for further analysis—for customers who agree to participate—and used for continuous improvement in accuracy and scoring weights.

With a very low impact on system performance, the latest versions of Symantec’s behavioral protection technologies are integrated into the newest versions of our consumer products and will be included in a future release of Symantec Endpoint Protection. To date, behavioral technologies have already blocked more than 5.2 million Web-based attacks for Symantec customers and have stopped thousands of new programs from performing malicious activities on Symantec customers’ computers.

The following excerpt from ILTA’s 2008 Technology Survey is reprinted here with permission. For more information about ILTA or to order the complete survey, visit www.iltanet.org.


COVER STORY

By Patrick E. Spencer

Getting to One Click

An IT Transformation the Size of the Australian Outback

In 1872, the completion of the Australian Overland Telegraph Line was a monumental achievement. Traversing more than 3,200 kilometers across the Australian Outback, it connected not only Darwin in the Northern Territory with Port Augusta in South Australia but with the rest of the world. With its completion, Australia had the ability to communicate in real time with the rest of the world.

The Australian Overland Telegraph Line traversed the Australian Outback, connecting Darwin with Port Augusta and Australia with the rest of the world.


When Tom Lamming joined Telstra, he assumed charge of an IT transformation initiative as far-reaching as the building of the Australian Overland Telegraph Line. The initiatives he is now spearheading as senior vice president, transformation, are game-changing moves that will help catapult Telstra to the forefront of its market space. While the benefits are far ranging, from lower costs, to improved operational efficiencies, to increased revenues, to greater profit margins, the focus is on delivering an enhanced customer experience.

Business strategy guides technology

The IT transformation trek began on November 15, 2005, when Telstra CEO Sol Trujillo unveiled a five-year strategy to transform Telstra into a fully integrated, converged media-communications company. The transformation touches on everything from networks, products, IT systems, customer relationships, and workplace culture, all based on a vision of a new customer experience. The latter includes the ability to offer customers a simple, integrated, intuitive one-click, one-command, any-screen, real-time interaction.

Trujillo and his new management team spent the first 120 days conducting a baseline of the company. Lamming describes the process: “We took a fairly thorough review of all aspects of the company—how we tracked against world-class benchmarks in terms of process performance, where we were on the IT front, where we were on the network front.” An integral lynchpin to their analysis was IT, which was lacking in key areas. Among other issues, Lamming found more than 1,500 different IT systems in place and over a dozen different customer databases residing on myriad systems.

Lamming, who held various client leadership and practice management roles at Accenture—including the Global Managing Partner for the Communications Industry—took a very strategic rather than a tactical approach in addressing the above challenges. “Telstra is not in the business of building IT systems,” Lamming says. “That’s not our job. We are here to empower the business—to help the business deliver a superior customer experience.”

In addition, when translating business requirements into technology solutions, Lamming emphasizes the importance of ensuring that IT uses language indicative of the business—not technology. “It is not the business’ job to learn our jargon,” Lamming quips. “It is our job to be able to communicate with the business and articulate how we can help them perform.”

Changing tires on a speeding “18 wheeler”

The complexity of the IT transformation was amplified by the fact that existing business operations had to continue without any interruption. The analogy of changing a tire on an 18-wheel tractor trailer speeding down the National Highway is apropos. “We had to support the business simultaneously while evolving the IT environment,” Lamming explains. “This undertaking is one of the largest programs of its kind in the world. It goes well beyond an IT fix; rather, it is a comprehensive business and IT transformation. To get here, the IT team has gone from what I would call an ‘administered business’ to one that’s highly integrated and outcomes based.”

Working with COO Greg Winn, to whom he reports, Lamming determined they wanted to get a core set of technology providers in place at the forefront of the IT transformation initiative. Having worked together on similar initiatives before, they developed a short list and got all of the critical providers in place shortly after kicking off the program.

“Instead of a 6 to 12 month protracted RFP process, we created a short list of world-class technology providers for consideration,” Lamming remembers. “We sought global players with proven solutions and a strong reputation for delivery and performance. We didn’t want something that was ‘good’ yesterday. We wanted technology solutions and providers that would lead us into the future and that would help us in executing on our very ambitious agenda.” In addition, Lamming stresses the team looked for providers with a proven roadmap and that wanted to invite Telstra to join them for the “journey” ahead, even helping with the navigation.

Telstra ultimately settled on a dozen or so core technology providers that included Symantec. “We weren’t going to shift from our model of heavily outsourcing certain aspects of the technology environment,” Lamming says. “We couldn’t do it ourselves; we didn’t have the capability and weren’t going to spend months interviewing and hiring a team to do so.” However, leadership of the IT initiative remains in the full purview of the Telstra team. “For the Telstra team,” Lamming explains, “it was important for us to understand that leadership is not something outsourced. We needed to get the Telstra leadership in place, and then integrate the different technology providers into this team.”

Telstra One Click
Founded: 1901
Workforce: 47,000 (includes agency and contractors)
Revenues (FY2008): A$24.7 billion ($15.2 billion USD)
Fixed-line Services: More than 10.6 million (includes 9.3 million PSTN and 1.3 million ISDN)
Mobile Services: 9.3 million, with more than half on 3G

Tom Lamming, Sr. VP, Transformation, Telstra

A view beyond the engine room

As Lamming and his team have mapped their technology initiatives to the agenda of the business, service level agreements (SLAs) have taken on greater relevance. The performance of IT is geared and measured based on the performance of the business. Lamming describes this process with an analogy: “IT is in the engine room of the ship, and the business is at the helm. There has to be good communication between both, but it is the business that sets the direction.”

Then, when Telstra measures the results, they are done from the compass of the business. Lamming describes this using the analogy of the “hand in glove” approach, noting that Telstra has “worked very hard not to bifurcate what’s IT versus what’s the business. It’s a shared outcome, not just an IT outcome. We must yield actual outcomes for the investment we are making.”

While Telstra is still in the process of standardizing its IT systems, it is already realizing tangible value. “The key benefit for us from a technology point of view is that we’ll have one IT environment that we will maintain around a core set of technology providers,” Lamming says. “We have stayed committed to our one factory principles: ‘do it once; do it right for the customer; do it in an integrated way; do it at a low unit cost’.”

The customer is at the center of Telstra’s IT transformation. “What we are doing is transforming the customer experience from dealing with multiple, product-centric systems to a single, end-to-end customer-centric solution,” Lamming explains. “Prior to the rollout of the new system, a customer purchasing multi-product holdings would need to place up to four different calls: one for PSTN, one for Wireless, one for Broadband, one for IP TV. The different systems weren’t integrated. Customers can now place just one call, and we’re able to address everything at one time.”

This integrated approach creates enhanced operating efficiencies, more cross-sell opportunities, better margins—or even revenue—and lower costs. “We’re a ‘light standard’ here,” Lamming quips. “Our competitors cannot compete with us on networks, products, and services. Our ability to execute on the IT transformation will give us an unmatched capability.” Lamming concludes with the following analogy: “It’s like the space shuttle, all fueled up and on the launch pad. When we are operationally bedded down and our customers are migrated—which is already largely the case for consumer and small business customers—we will be ready for takeoff. And while the preparation for launch is immense, the results are beyond the world as we have known it.”

Rationalizing down to Symantec

Telstra is rationalizing down to a common set of software. For example, “rather than having five separate CRM systems, we’ll be down to one,” explains Lamming. This consolidation creates new challenges and criticalities. “Our challenges are greater from an IT point of view. By consolidating everything into one place, our points of failure become more important and service levels become much greater.”

“Our ability to execute on the IT transformation will give us an unmatched capability.”—Tom Lamming, Senior Vice President, Transformation

One Clicking Symantec at Telstra
> Veritas NetBackup
> Veritas Storage Foundation HA
> Veritas Storage Foundation Cluster File System
> Veritas Storage Foundation for Oracle RAC
> Veritas Cluster Server
> Veritas Backup Reporter
> Symantec Enterprise Vault
> Symantec Consulting Services
> Symantec Business Critical Services

As Telstra built out its next-generation data center environment, it tapped several key technology providers—and Symantec was one of those selected. While Telstra had a history of leveraging different storage management and availability solutions from Symantec, this historical experience was not the reason for Symantec’s selection. “[Symantec] was chosen because of the skill set of its consultants and world-class technology,” Lamming says. Considerations such as Symantec’s reputation, ability to deliver both global and local resources, and the capability to provide on-site technological expertise formed the core of Telstra’s evaluation criteria.

“There is an understanding that we have much to do, and we need to work together,” Lamming notes. “Symantec, working with the other technology vendors in the data center, was a workable solution. We knew the teams, understood their roles, and that we would not have any hand-off issues.”

The initial project involving Symantec focused on backup and restore. The previous solution had a number of shortcomings, and Symantec worked with the Telstra team and its different technology partners to consolidate data protection operations across its data center environment on Veritas NetBackup. Symantec Consulting Services provided as many as 10 consultants on site throughout various stages of project implementation. The solution backs up more than 140 terabytes of data each day, including 600 percent spikes in daily backup volumes, while improving backup success rates by 10 percent.

The Symantec team subsequently worked with Telstra and its strategic providers to design and implement a high availability and disaster recovery solution leveraging Veritas Storage Foundation HA, Veritas Storage Foundation for Oracle RAC, and Veritas Cluster Server. The solution breaks into two basic pieces.

First, Symantec Consulting Services worked with Accenture and Sun, Telstra’s preferred server platform vendor, to deploy a clustered environment that taps the N+1 technology of Veritas Cluster Server for clusters up to 15 nodes across Telstra’s business-critical Sun Solaris-based servers. The high availability cluster also uses Veritas Storage Foundation Cluster File System that allows Telstra to share data between multiple hosts. The ability to cluster multiple hosts to one or two hot spares translates into savings of millions of dollars in hardware, software, and maintenance for Telstra.

Second, using Veritas Storage Foundation, Telstra was able to gain better flexibility of its tiered EMC storage environment, moving some data archiving to tier-three storage versus tier-one storage. This enabled Telstra to avoid additional tier-one disk storage purchases, equating to significant cost avoidance.

Archiving email for storage and compliance

Recently, seeking to control burgeoning volumes of email data and comply with legal discovery requirements, the Telstra team elected to implement Symantec Enterprise Vault. Symantec Consulting Services is currently helping with the implementation, which includes Enterprise Vault Microsoft Exchange Journaling and Discovery Accelerator. Once fully deployed, the solution will provide email archiving and e-discovery for more than 45,000 mailboxes and more than 20 terabytes of email data.

Savoring the results of the journey

Ranking as one of the great engineering feats of 19th century Australia, the Australian Overland Telegraph Line involved thousands of different individuals in planning and actual construction—and took many years to plan and another two years to build. Yet despite the enormous expenditure of time and resources, the end result was well worth the journey.

The same can be said of the IT transformation journey Lamming embarked upon. While five years is a virtual eternity in technology years, the expedition for Lamming and the rest of the Telstra team and its technology partners is proving to be quite fruitful. And unlike the Australian Overland Telegraph Line, they haven’t had to wait until the completion of the journey to savor some of the results.

Patrick E. Spencer (Ph.D.) is the editor in chief for CIO Digest and the author of a book and various articles and reviews published by Continuum Books and Sage Publications, among others.

Clicking on the IT Transformation Results (November 2008)
> Delivered more than 20,000 requirements for core platforms
> Completed 95,000 test cases across 175 applications and 625 interfaces for core platforms
> Deployed 4,700 square meters of next-generation data center
> Trained 17,800 users across the business as well as industry partners, shops, and dealers
> 600 new workflows and instructions; 1,900+ training courses
> Operating more than 6.7 million customers and more than 12 million services on the new systems

Podcast: Check out the Executive Spotlight Podcast with Tom Lamming at go.symantec.com/lamming


INDUSTRY FEATURE

The Double-Edged Sword of IP Convergence

As IP-based networks gain ground, new opportunities and challenges are emerging for telcos

By Ken Downie

Remember the “picture phone” that Judy Jetson—the teenage daughter on the now-vintage Hanna-Barbera cartoon, The Jetsons—used to tie up for hours? In less than 10 years, it’s likely that most households will have one.

That’s how fast change is occurring in the telecommunications industry. After food, water, and shelter, communication is arguably the fourth most important universal need. Hence, it’s no surprise that consumer demand for new services is high—and no stretch to say that trend will continue, no matter what economic blips occur.

A confluence of this increasing global demand and a technological shift toward open, off-the-shelf architectures is quickly transforming the sector, resulting in new opportunities for telcos and, of course, new challenges.

Bridging two worlds

One of the biggest challenges for telecommunications companies today is keeping one foot firmly planted in the “old world” while preparing for the new. Fixed-mobile convergence—the seamless integration of fixed-line and mobile telephone services, often accompanied by image, music, and video download options—is one way telcos are attempting to bridge the two worlds.

“Fixed-mobile convergence is an attempt by the wired-line carriers to hold on to customers in an era that’s increasingly dominated by wireless communications,” says Robert Rosenberg, president of Insight Research, a telecommunications market research firm based in Boonton, New Jersey.

Line losses—when customers discontinue their fixed-line service in favor of a wireless plan—are increasingly diminishing the bottom line for telcos. On the flip side, intense competition in the wireless world is driving down prices, squeezing margins there as well. Even as the lines blur between wired and wireless carriers, both face a familiar challenge: how to cut costs and offer new services.

The widely-used Internet Protocol, or IP, offers a compelling way to do both. “Voice-over IP (VoIP) provides a much cheaper way to assemble and maintain a network, whether you’re on the wired or the wireless side,” says Rosenberg. “It’s very clear now that telco networks are increasingly IP-based, especially in the backbone, and that the endpoints themselves will increasingly be IP.”

New services, new risks

The migration to IP-based “next generation networks”—or NGNs—is not happening overnight. However, it is being accelerated by consumer demand for new services, such as file exchange and music downloading, streaming movies, and IP TV. While today these services make only minimal contributions to the bottom line for most telcos, they present a tremendous revenue opportunity for the future.

But along with new product opportunities and infrastructure cost savings comes increased risk. “IP-based networks are more easily compromised because there are more people out there who are familiar with the technology,” Rosenberg says. “The potential for security breaches or denial-of-service attacks—as well as the level of sophistication of the attacks—increases dramatically.”

To deal with these threats, telecommunications companies must first determine their potential impact on the business, and then decide what defense and remediation tactics to employ.

Security first

A company that offers an interesting perspective is du, one of the two major telecommunications providers serving Dubai and the United Arab Emirates. Launched in late 2005, du has had both the challenge and the advantage of entering the market in the middle of the shift to an IP-based infrastructure.

Defining and building a security infrastructure that would not become quickly outdated was one of the company’s top priorities—a challenge that fell to Walid Kamal, du’s vice president of technology security and risk management. “We had the opportunity to approach security from the ground up, which is not necessarily the norm in the telecommunications industry from what I have seen,” says Kamal.

Risk management is firmly embedded in du’s governance model. “We have a very systematic, ongoing approach to network security,” explains Kamal. “We identify business risks, prioritize them, and evaluate technology solutions that can help us mitigate those risks. When we want to introduce new products, sometimes we need to freeze the technology until we can mitigate the risk. After all, if you’re introducing a new product and you don’t have solid security, you will fail.”

In addition to traditional fixed-line service, du offers VoIP, IP TV, and mobile communications services. “The change toward next-generation networks has begun,” Kamal notes. “In some ways, we are already there. Nonetheless, regardless of the underlying technology, there will always be risk involved, and the fundamental principles of risk management don’t change.”

Kamal has divided his staff into three distinct domains: security technology design, architecture, and implementation; security operations/incident investigation; and policy, compliance, and audit. The company’s Security Operations Center operates around the clock to proactively defend against network attacks. To supplement internal resources, du has added Symantec Managed Security Services and Symantec Residency Services; the latter includes an onsite Symantec Resident Resource who helps to identify and remediate threats. “We need to make sure our dynamic environment is secure not only today but over the long term,” Kamal explains.

In addition to the above, du deployed Symantec Security Information Manager as part of its Managed Security Services rollout to automate the monitoring of its security environment. Symantec Security Information Manager offers a centralized view of log file data from devices such as endpoints and firewalls, allowing du to identify critical alerts within five minutes, versus up to one week using manual log-file analysis tactics.

Walid Kamal, Vice President of Technology Security and Risk Management, du

“The ability to identify threats quickly was another critical criterion for our assessment,” Kamal comments. “We know we have to be very proactive and should have immediate turnaround and minimum response time if any security incident occurs in our organization.”

Managing billions of endpoints

Another trend driving security requirements in the telecommunications industry is the emergence of new, mobile, intelligent endpoints that blur the lines between the computer, phone, music and video player, and Blackberry.

“I don’t even know what a computer is anymore,” says Insight Research’s Rosenberg. “And it doesn’t matter. Protecting these endpoints and the data stored on them will be a challenge. The centralized management that we had in the days of the public switched telephone network (PSTN) is gone, and now what we’re trying to do is essentially manage billions of endpoints.”

To secure its endpoints and manage them from one central interface, du is in the process of consolidating its various endpoint security technologies onto Symantec Endpoint Protection 11.0 with Symantec Network Access Control. The Network Access Control option will allow du to ensure that any endpoint is compliant before allowing it to connect to the network. “This technology is under proof of concept now at du and will allow us to cut costs and reduce administrative time by standardizing on one technology for endpoint protection,” Kamal says. “This will also help us be more proactive in identifying security and risk issues as well as the needs of the business.”

Competing on uptime

While security is indeed a primary challenge in the telecommunications industry, gaining customers—and keeping them—is also paramount.

With competition fierce, especially in emerging markets, telcos are increasingly competing on availability of services. Any downtime represents lost revenue, lost customers, and a tarnished reputation.

At Swisscom IT Services, which serves Swisscom, the largest telecommunications provider in Switzerland, this is a priority for Bruno Kocher, head of enterprise storage services. “Availability of systems and data is becoming more and more critical for telecommunications companies,” says Kocher. Located in Berne, Swisscom IT Services also makes its storage and backup offerings available to other corporate customers with similar needs for high availability, such as banks and transportation companies.

To ensure high availability, Swisscom IT Services is using Veritas Storage Foundation HA, which includes Veritas Cluster Server for automated failover. The solution enables the company to make storage allocation changes on the fly, with no application downtime.

As an IT organization, Swisscom IT Services has been an innovator. The company maintains the largest blade server farm in Europe, built Switzerland’s first storage area network (SAN) earlier this decade, and was one of the first major IT providers to realize the management benefits of booting its servers from the SAN, rather than from local disks.

“We always have the latest technology, especially when it comes to protecting customer data and providing maximum availability for our customers,” Kocher says. “Because we have SLAs, if we had any sort of data loss, we would have to pay the customers for that loss. Also, aside from the financial impact, there would be damage to our reputation.”

To protect its customers’ data, Swisscom IT Services uses Veritas NetBackup to centralize backup-and-recovery operations across its Solaris and Microsoft Windows environments. “Telcos are very quickly going to have to be backing up a lot more data,” Kocher notes. “The data that Swisscom IT Services backs up for customers has increased by over 1,000 percent since 2002.”

Staying green, saving green

As data stores continue to grow and redundancy becomes more and more important, companies are challenged to deliver on the notion of “green IT” while still meeting business requirements. When a server is not critical enough to warrant a dedicated,

Bruno Kocher, Head of Enterprise Storage Services, Swisscom IT Services

reporting and chargebacks based


SOLUTIONS FEATURE

Turning Risk into Returns

How IT governance, risk management, and compliance drive better business outcomes

By Alan Drummer

People: they’re your problem in this area—and your answer. By their actions, they potentially expose your organization to risks that could damage or destroy it—yet they bring you the precious skills and teamwork that deliver value to your customers and bring back returns.

How can you turn operational risks into returns? It’s a matter of putting the right IT governance, risk management, and compliance (GRC) processes in place. And frequently, that’s not the most sought-after assignment.

“Being in charge of managing IT risk is often seen as being in the business of ‘no,’” says Scott Crawford, research director at Enterprise Management Associates. “That’s how a chief information security officer recently put it to me. But the alignment of IT governance, risk management and compliance is not the business of ‘no’—it isn’t a business inhibitor; rather, it’s actually a business enabler.”

A 2008 survey by the IT Policy Compliance Group confirms this observation.1 Firms with better IT GRC results are also enjoying much better performance when it comes to satisfying customers and growing revenues and profits. They have 17 percent higher revenues, 14 percent higher profits, 18 percent higher customer satisfaction rates, and spend 50 percent less on regulatory compliance annually. “To put it simply, the principles of good IT governance, risk management, and compliance are actually the principles of good IT management,” Crawford says.

To succeed in IT GRC management, more than half of the 224 companies surveyed in one study on the subject have, in the words of a respondent, “turned process into a strategic asset.”2 “They’ve adopted Information Technology Infrastructure Library (ITIL) standards,” Crawford says. “ITIL’s ‘three-legged stool’ is a foundation for successful IT GRC. People are an asset—but they can also be a vulnerability. To be successful, people need processes that guide them to the desired behavior and results and technology that automates the processes and makes them easy to perform consistently.”


Greg Malacane agrees. As a senior business analyst for The Alchemy Solutions Group, Malacane works with IT organizations to analyze and measure the business value they’ve achieved, or are projected to realize, from a given initiative or solution set. “In almost every study we’ve done in the compliance area, successful organizations are meeting challenges by centralizing, standardizing, and automating compliance tasks with technology,” he reports.

So if processes and technologies are key, which ones are proving most useful? How are organizations using them to turn risks into returns? Here are key lessons learned by three top IT decision makers.

Create a single sign-on

Risk: Access control is a fundamental in compliance. Imagine running a health plan where 4,000 clinicians take laptops into the field to visit 30,000 patients a day. Each patient visit requires a clinician to access multiple applications—and each application takes a different user ID and password. Some clinicians try to recall their sign-on information from memory and get locked out. Others write down their IDs and passwords on their laptops. This was a management challenge facing Larry Whiteside, Jr. when he became chief information security officer at Visiting Nurse Service of New York.

Process: “We developed a single sign-on capability,” Whiteside explains. “We let users log in once and gain access to multiple applications.”

Technology: Whiteside worked with his development team to use Lightweight Directory Access Protocol (LDAP), taking advantage of its simple, extensible, multi-platform access to applications.

Returns: On a patient visit, clinicians sign in once—and then can devote their full attention to the patient. With 4,000 clinicians saving about 10 minutes a day, more than 3,000 hours a week are being reclaimed for patient care.

See everything

Risk: What you can’t see, you can’t manage or remediate. “We have 60 locations and 4,000 endpoints in the field,” Visiting Nurse Service’s Whiteside reports, “but when I came here, we didn’t have any way to get security intelligence about the environment. We could only see what was going in or coming out the gateway.”

Process: Whiteside chose to automate the gathering and correlation of logs from all endpoints, firewalls, hosts, virtual private networks (VPNs), intrusion detection systems (IDS), directories, and applications.

Technology: Logs from Symantec Endpoint Protection on all desktops and servers feed into a LogLogic appliance, which in turn feeds into Symantec Security Information Manager. Meanwhile, Symantec Security Information Manager captures logs directly from network-based devices such as firewalls, routers, and switches. “Everything is correlated inside Symantec Security Information Manager, so I get a comprehensive correlated and prioritized picture of events occurring from the firewall to the desktop,” Whiteside says. “We get the view we need of what’s going on.”

Returns: Whiteside’s security team can focus on tasks more strategic than poring through logs. “It would take at least two full-time employees to check all the logs that are correlated and prioritized automatically now,” he says. “We get the network intelligence we need to make more informed decisions.”

To err is human, to automate divine

Risk: How do you know when an endpoint is infected? If unreported, will it infect the rest of the network? That was the potential at Singapore’s Energy Market Company, the operator of Singapore’s wholesale electricity marketplace. “The uncertainty wasn’t acceptable,” says James Ng, vice president of technology.

Process: Ng chose to automate the detection and isolation of infected endpoints using Symantec Endpoint Protection and Symantec Network Access Control. The infrastructure now denies a connection to any non-compliant device that attempts to connect to the network.

James Ng, VP of IT, Energy Market Company

“To put it simply, the principles of good IT governance, risk management, and compliance are actually the principles of good IT management.”—Scott Crawford, Research Director, Enterprise Management Associates

Technology: The endpoint protection solution identifies any infected device. The network access control solution immediately isolates an infected endpoint from the network. It also denies a network connection to any device that is not compliant with Energy Market Company security policies or current in its antivirus protection and patches.

Return: An infected endpoint on Energy Market Company’s network is automatically isolated in seconds. “The user can’t do anything on the infected PC,” Ng says. “In the past the user may not have called us, and the infected PC could have gone unnoticed. With this system in place, there is consistency in the way we detect and remediate problems.”

Centralize endpoint administration

Risk: Quality, efficiency, and cost savings mean everything to Molina Healthcare. That’s because it’s a Medicaid managed care organization that delivers healthcare to over 1.2 million individuals and families in 10 states and 17 owned-and-operated medical clinics. Molina Healthcare has been meeting its challenges since 1980, and over the years several of its state plans have been rated best in the United States by a major news magazine.

“Our founder said this is the business of nickels,” says Sri Bharadwaj, director of infrastructure and operations. “Unlike commercial health insurers who can raise their rates if their costs go up, we can’t. The state governments tell us how much they will be paying. So, it is incumbent on us to leverage our administrative efficiency to keep costs low. We try to manage our medical costs, but control our administrative spending.”

A chief problem the IT team at Molina Healthcare faced was the complexity of managing endpoints for 2,300 employees in multiple states—and keeping them patched and protected compliantly.

Process: “We needed an easier management interface, with the ability to centrally manage all our endpoints,” Bharadwaj notes. “We needed a way to inventory them centrally and remotely, inspect their registries, install software, push out patches, and streamline our help desk.”

Technology: Molina Healthcare uses centralized standards management software to create and detect standards, assess technical controls, detect deviations, and remediate them. It also uses automated centralized helpdesk software and a client management suite for centralized, automated patch management and software management. The health maintenance network relies on Symantec Control Compliance Suite, Altiris Helpdesk Solution, and Altiris Client Management Suite for the above capabilities.

Returns: “We have 2,300 employees, and managing all our endpoints is now a part-time assignment for a single resource,” Bharadwaj says. “Had we tried to do all the management tasks on our own without the tools from Symantec, it would have required four or five employees working full time, all with a big travel budget.”

Get control of unstructured data

Risk: When employees create PST files to archive their email messages, the files are unmanaged, easily lost and corrupted, and difficult to search—creating multiple compliance and risk management issues.

Process: Molina Healthcare’s Bharadwaj chose to archive the organization’s email so that PST files are no longer needed. They’ve been banned. Existing PST files have been detected and migrated to a central repository where their contents are now indexed and easily searchable.

Technology: Bharadwaj’s team deployed an archiving solution using Symantec Enterprise Vault that enables employees to store, manage, and discover unstructured information across the organization.

Returns: At Molina Healthcare, 3,000 PST files were detected and ingested to a central vault using Enterprise Vault PST Migrator where their contents are easily searchable.


What do high performers in IT GRC have in common?

94% define configuration change control processes and enforce them

91% monitor the IT environment for changes

77% monitor IT access and use for indications of fraud and unusual behavior proactively

64% reported 10% or fewer security incidents disruptive to IT in past year

In comparison, 50% of medium performers indicated that more than 10% of security events were disruptive to IT.

High performers had approximately half the median incidence of disruptive security events as both medium and low performers.

Source: Scott Crawford, “EMA’s 2008 Survey of IT Governance, Risk and Compliance Management in the Real World,” Enterprise Management Associates, Inc., www.enterprisemanagement.com.

Larry Whiteside, Jr., CISO, Visiting Nurse Service of New York


“By enforcing policies and managing storage requirements using write-once read-many-times (WORM) technology, we have been able to maintain storage and allow for future growth without an increase in storage cost,” Bharadwaj says.

Centralize and encrypt that backup

Risk: “We had people managing backup tapes across our multi-state environment,” Molina Healthcare’s Bharadwaj says. “It was resource intensive and not consistent. If we needed to pull certain data, it was a nightmare to find the tape.”

Process: Bharadwaj and his team decided to centralize and automate backup and deploy encryption.

Technology: Molina Healthcare chose deduplication technology in the form of Veritas NetBackup and NetBackup PureDisk to reduce bandwidth and storage consumption. This enables centralized backup over the network without disruption to production. With the NetBackup Encryption options, data is encrypted both in motion and at rest.

Returns: “We’ve reduced backup costs by about 60 percent,” Bharadwaj reports. “We can recover a production application in two hours instead of 10 to 15 hours. And we have 256-bit encryption and centralized backup—making our data more secure and helping us meet governance, risk management, and compliance obligations.”

Follow through automatically

Risk: When monitoring compliance checkpoints, any manual system is vulnerable. “We can’t just depend on people alone for security and compliance,” says Energy Market Company’s Ng. “We have a small IT staff, and we need to count on automation and technology, not just people, to fulfill our compliance obligations.”

Process: Ng sought a way to make compliance monitoring consistent. “We have a 40-page statement of IT policies, and to ensure compliance, we have to translate that into action—into who does what, quarterly, monthly, yearly,” he observes.

Technology: The 40 pages of policies at Energy Market Company have been translated into an extensive Excel spreadsheet to track steps taken. But Ng and team have other plans. “We’re evaluating an automated system—in this case Symantec Control Compliance Suite. One of its advantages is that it will eliminate ambiguity. When there’s a compliance task to be done, an employee will be automatically reminded to execute it and management alerted until it’s done.”

Returns: Everyone will be able to focus on more valuable tasks. “Automation will relieve management from chasing the IT staff,” Ng says. “The software will do the work for us.”

Who do you trust?

Progress can be quick—Molina Healthcare’s Bharadwaj has seen it. “A year ago, we identified gaps in governance, risk management, and compliance and put plans in place to address them,” he says. “We wanted to ensure that every desktop or laptop is protected, and every endpoint is managed appropriately from a central location, and all of this can occur without much disruption to the business. That was our vision. And we’ve made great progress in the past nine months.”

Now Molina Healthcare has the classic three legs to the stool, says Bharadwaj: “People and processes might not always sync up, but to a great extent, we’re using technology to automate, managing risk and guiding people into compliance in whatever they do.”

Energy Market Company’s Ng has another way to sum this up. “In people alone, because everyone is human, we can’t put our full trust,” he says. “But when people, process, and technology are integrated—we can.”

Alan Drummer is Creative Director for Content at NAVAJO Company. His work has appeared in the Los Angeles Times, San Francisco Examiner, Create Magazine, and on The History Channel.

1 “New Research Shows Benefits of Improving IT GRC Practices and Capabilities,” announcements, www.itpolicycompliance.com, May 15th, 2008.

2 Scott Crawford, “EMA’s 2008 Survey of IT Governance, Risk and Compliance Management in the Real World,” Enterprise Management Associates, Inc., www.enterprisemanagement.com.


Law and Order from Symantec

Control Compliance Suite: Integrated products that automate processes to reduce compliance costs

Security Information Manager: Collect, store, and analyze log data as well as monitor and respond to security events

Altiris Helpdesk Solution: Incident management tool that helps ensure availability and raise service levels while reducing costs

Altiris Client Management Suite: Easy-to-use systems management solution that reduces the total cost of ownership for desktops, notebooks, and handheld devices

Enterprise Vault: Email and content archiving solution enables users to store, manage, and discover unstructured information across the organization

Data Loss Prevention: Delivers a unified solution to discover, monitor, and protect confidential data wherever it is stored or used

Sri Bharadwaj, Director of Infrastructure and Operations, Molina Healthcare


For the past eight years the infamous “prancing horse” logo has been proudly displayed on the P.180 Avanti—the “Ferrari of the Sky.” Many may not realize this, but the genesis of the logo actually dates back almost a century when it was displayed on the tail of an airplane belonging to a legendary World War I Italian Air Force pilot (see the “Genesis of the ‘Prancing Horse’” sidebar). It made its reappearance in aeronautics with the release of the P.180 Avanti in 2002.

The P.180 Avanti, the flagship product of Piaggio Aero Industries S.p.A., is an impressive aircraft—the fastest turboprop in the world (402 knots per hour with a maximum cruising altitude of 41,000 feet and a range of 1,500 miles). Its engineering design required a complete rethinking of conventional aircraft configurations, resulting in a patented Three-Lifting-Surface Configuration (3LSC) that requires 34 percent less wing span and dual turboprops on the backside of the wing. The P.180 Avanti, which has sold more than 170 worldwide, is used to shuttle Ferrari’s executives and star Formula One drivers around Europe, if not the world, to unveil new cars, win Grand Prix events, and much more. In addition, both Ferrari Racing Team drivers, Felipe Massa and Kimi Raikkonen, are spokespersons of Piaggio Aero and the P.180 Avanti II.

Standardizing at takeoff

The bar had obviously been set very high when Roberto Zuffada, who was given the charter to design and build a next-generation IT infrastructure representative of the company’s brand, was named CIO two years ago. There was much work to do; the legacy environment consisted of a number of different technologies configured in isolated silos. For example, the server environment included mainframes, various UNIX and Linux flavors, as well as Microsoft Windows-based servers. At the same time, applications were based on proprietary technologies that did not talk to each other.

After significant analysis, Zuffada determined that standardization should be at the core of the next-generation IT infrastructure. The overriding objective of the standardization initiative was to reduce IT costs while driving operational efficiencies.

Microsoft technologies would play a pivotal role for the Piaggio Aero team. “We decided to standardize on a number of different Microsoft solutions,” Zuffada says, “from Microsoft Windows for our server platform and operating system, to Microsoft Exchange for email, to Microsoft SharePoint for publishing and information flow, to Microsoft .NET for application development.”

EMEA

A Rapid IT Ascent

IT Standardization Prompts a Vertical Climb in Business Value

By Patrick E. Spencer

Turbocharged for Performance

Founded: 1998

Operations: Only company in the world to be active in all aspects of aircraft design manufacturing and maintenance, aero-engines production, and aero-engines repair and overhaul

Key Shareholders: Piero Ferrari, Josè Di Mase, Mubadala Development Company (totally owned by the Abu Dhabi Government), and Tata Limited (recent stakeholder agreement announced)

Total Order Book Value: More than $700 million USD

IT Team: 25

Website: www.piaggioaero.com


The need to standardize the IT infrastructure was accentuated by the requisite to deliver a streamlined, more integrated product lifecycle management (PLM) for Piaggio Aero’s next-generation projects. “The design and manufacturing of our future aircraft will be based on a new PLM that requires a new ERP system,” Zuffada explains. “In order to get to the point of selecting and deploying this new ERP solution, we had to get the underlying IT infrastructure in place.”

Beyond Microsoft, the Piaggio Aero team has formed strategic relationships with other technology providers, including Symantec. “We’ve elected to standardize on Symantec technologies on a number of different fronts,” Zuffada says. Initiatives encompass data protection, endpoint security, mail security, and email and document archiving and management.

Eliminating 98 percent of email

An overwhelming volume—approximately 98 percent—of the email Piaggio Aero receives is spam. End users were spending as much as 30 minutes each day deleting spam from their inboxes, while the IT team was spending an inordinate amount of time managing the Exchange environment in order to sustain system performance.

Zuffada’s team designed a dual-cascade control architecture using Symantec Premium AntiSpam. The first server is used for overflow while the second server is used to analyze the remaining email. With the elimination of 98 percent of email, the overall productivity of the IT team improved 30 percent; the time saved is now reallocated to more strategic tasks. Additionally, end users have seen a dramatic productivity improvement.

Data protection with a business case

The previous IT infrastructure had backup-and-restore solutions for each server platform and operating system. Ongoing administration of this environment was extremely inefficient and time consuming. When Zuffada and his team consolidated the server environment onto Microsoft Windows-based HP servers, they made a decision to migrate from EMC Legato to Veritas NetBackup. “A key business requirement was the need for more granular restores,” Zuffada explains. “The ability, for example, to restore a single email was very interesting to us.”

The Piaggio Aero team worked with Symantec Consulting Services to roll out the next-generation data protection solution in October 2008. Backups are configured for disk-to-disk-to-tape to HP StorageWorks Enterprise Virtual Arrays and HP LTO 3 tape libraries. The backup window shrank 50 percent while the time required to perform a restore was reduced 60 percent. The solution is expected to scale with a backup volume growing at an annual rate of 30 percent, enabling the Piaggio Aero team to avoid adding more backup administrators despite a larger backup volume per administrator.

Extending green to IT

Just as the design of the P.180 Avanti is sensitive to its carbon footprint, including 50 percent higher fuel efficiencies than most other business jets, 30 percent higher fuel efficiencies than the most efficient twin turboprops, and the ability to land and take off on runways as short as 3,000 feet, Zuffada and his team are designing their next-generation IT infrastructure with green concerns in mind.

Virtualization is part of this process. “Now that we have a standard server platform in place, we are ready to move towards virtualization,” Zuffada notes. “Our focus here is to create a more energy-efficient data center environment by consolidating servers and reducing power consumption.” Though they have not finalized a technology decision yet, Zuffada and his team are in the final stages of evaluating different technology options and anticipate an implementation timeframe in 2009.

Genesis of the “Prancing Horse”

The prancing horse was first displayed on an aircraft—not an automobile. Count Francesco Baracca, a great pilot who served with the Italian Air Force during the First World War, exhibited the prancing horse on the tail of his aircraft.

The mother of Count Francesco Baracca donated the symbol to Enzo Ferrari after watching him race to a victory on the Salvio circuit in 1923. She instructed him to place it on his cars, indicating it was a representation of her son, who had died when his plane was shot down in 1918, and would bring him luck. Enzo Ferrari thereafter added the yellow color as a symbol of the city of Modena, and the “Cavallino Rampante” was born.

The son of Enzo Ferrari, Piero Ferrari, was named chairman of Piaggio Aero in 1998. In 2000, when the Scuderia Ferrari (Ferrari Racing Team) chose the P.180 Avanti II, the prancing horse returned to the field of aeronautics again (it is displayed on the nose and tail of the P.180 Avanti II flown by the team).

Archiving structured and unstructured data

In early 2007, the Piaggio Aero team migrated their email system from Lotus Notes to Microsoft Exchange. While this improved system performance and provided end users with additional functionality, other challenges remained. “We simply had lost email before,” Zuffada says, “and we didn’t have any means to retrieve email stored in corrupt PST files or email that had been accidentally deleted. We needed a solution that would allow us to archive and store email in one centralized repository that could be easily and quickly retrieved.”

In addition, there was a pressing need to create an archival solution for unstructured data. The team not only had a need to archive file and print data but product lifecycle management data created by various authoring tools such as Microsoft Office SharePoint Server.

As a result, the ability to archive both structured and unstructured data was at the core of the evaluation criteria the Piaggio Aero team established. They ultimately selected Symantec Enterprise Vault and began implementing the solution with the assistance of Symantec Consulting Services in November 2008.

The deployment includes ingestion of PST files using Enterprise Vault PST Migrator. The solution also moves Exchange storage from tier-one SAN disks to less expensive tier-two storage disks inside the same storage system, equating to as much as a 30 percent reduction in storage cost. In addition, the team projects data deduplication savings—through single-instance archiving and data compression—of at least 30 percent that will reduce their storage footprint and power consumption.

Delivering security to the endpoint

When Zuffada and his team migrated from the silo-based IT infrastructure to Microsoft Windows, they pinpointed endpoint security as an area they wanted to address. As part of this process, they engaged Symantec Consulting Services to conduct a penetration test to ascertain the vulnerabilities of their network.

With the results in hand, the team determined they needed to standardize on one centralized endpoint security toolset. This would help to improve overall efficiencies while creating a mechanism for checking client logs and tracing data. “We are centralizing antivirus, antispyware, application and device control, firewall, as well as policies and procedures underneath Symantec Multi-tier Protection,” Zuffada says. “This will provide a greatly enhanced endpoint security environment and help us drive business efficiencies.”

Soaring to success

When asked what has helped him achieve success throughout his career, Zuffada indicates the answer is twofold: technology and the business. Zuffada explains: “Technology is not enough. IT must understand the business and the underlying business processes in order for technology deployments to be successful.” And when these two elements are combined, the potential results might be “The Ferrari of IT.”

Patrick E. Spencer (Ph.D.) is the editor in chief for CIO Digest and the author of a book and various articles and reviews published by Continuum Books and Sage Publications, among others.

“Technology is not enough. IT must understand the business and the underlying business processes in order for technology deployments to be successful.”—Roberto Zuffada, CIO, Piaggio Aero Industries, S.p.A.


Symantec Helps to Propel Piaggio Aero

> Symantec Multi-tier Protection
> Symantec Enterprise Vault
> Symantec Premium AntiSpam
> Veritas NetBackup
> Symantec Consulting Services

Roberto Zuffada, CIO, Piaggio Aero S.p.A.


The unusual and varied landscape of New Zealand has made it a popular destination for the production of several well-known films, including The Lord of the Rings trilogy, The Chronicles of Narnia series, and The Last Samurai. The pioneering spirit behind these iconic productions is embodied in the efforts of healthAlliance NZ Ltd., which provides various shared services, such as procurement, materials management, recruitment, payroll, finance, and information services, to the Counties Manukau and Waitemata District Health Boards. Indeed, led by CIO Phil Brimacombe, healthAlliance’s information systems (IS) team has garnered a number of awards since the organization’s founding in 2000 that recognize its technology thought leadership and innovation.

These include two BearingPoint Innovation Awards. The one granted for the Kidslink Wellchild Project, which dramatically increased immunization rates among children, was particularly meaningful, as it was presented to Brimacombe and his team by New Zealand’s prime minister.

Success for the IS team has not come without a significant amount of strategic planning, focus, and hard work. “Healthcare is the most complex and most challenging IT environment in which I’ve ever worked,” Brimacombe explains. “It’s also the most interesting and the most stimulating. You never get bored. Things constantly change in healthcare.”

For example, transformation in biomedical services over the past decade has created additional IT challenges. Brimacombe explains: “Every new bit of biomedical equipment that comes out today comes with software, whereas 10 years ago it was almost all mechanical. Every bit of specialized equipment comes with its own specialized software. This is how we’ve rapidly spiraled up to the order of 900 different applications.”

Clinicians diagnose the problem

Efficient management of IT systems plays an important role in helping healthAlliance to achieve its goal of minimizing costs and optimizing budget for front-line medical services. With that in mind, Brimacombe and his team embarked on a search to address two primary issues in 2006.

“Several years ago I would go to meetings with clinicians,” Brimacombe says, “and they would complain about two things. The first was the IS helpdesk.” The experiences were myriad—and all negative. “They would call and would wait for ages until someone called them back, and when they did finally answer they didn’t have an answer to the problem,” Brimacombe continues. “Further, when the helpdesk staff did log a problem, they never got back to the requestor.”

The second issue was in regard to actual IT assets. The clinicians complained “there weren’t enough of them, they were too old and slow, and had poor performance.”

APJ


By Patrick E. Spencer

The Making of an Iconic IT Production

An IT Journey that Starts and Ends in New Zealand


IT assets: Where? What? Who?

In order to identify the issues the clinicians helped define, Brimacombe and his team pinpointed the underlying technology drivers. “When people complained about a machine, often it was the first we knew about it, as we didn’t know exactly where it was, who was using it, and what software was running on it,” Brimacombe relates.

“The other big challenge was the fact that the fleet was rapidly growing. Three or four years ago we only had about 4,000 desktops. Today, we have 6,500, and we’re adding about 500 new desktops and moving about 800 to 1,000 to end of life every year.” And while the status quo was painful enough, the growth and evolution in the IT environment was going to create even more problems. “Without the right tools, the situation was simply going to get worse,” Brimacombe reports.

After a lengthy RFP process, Brimacombe and his team settled on Altiris Service and Asset Management Suite in June 2007 and began deployment in October 2007. Working with Symantec Consulting Services, Brimacombe and his team completed the implementation in less than three months. For asset management, Brimacombe and his team use two components from the Service and Asset Management Suite: Asset Management Solution and Application Metering Solution.

“With Altiris Asset Management Solution, we now know the location of every one of the 6,500 machines, who is using each one, who’s responsible for it from a cost center standpoint, and what’s running on it,” Brimacombe explains. “In addition, we’re able to use the Application Metering Solution to pinpoint if there is software running on one of the machines that isn’t being used and shift it to a machine for someone who wants it.”

Helpdesk empowers end users

The other piece to the larger puzzle Brimacombe and his team concurrently sought to solve was the helpdesk problem. In addition to the complaints of clinicians, the existing helpdesk solution did not provide helpdesk personnel with a larger view of assets. “We needed a helpdesk system integrated with our asset management solution,” says Alistair Mascarenhas, service delivery team leader at healthAlliance. “Helpdesk personnel needed the ability to click through directly into the inventory information of the device that the user was using at that point in time.”

In order to address these requirements, the healthAlliance team selected Altiris Helpdesk Solution that is part of the Service and Asset Management Suite. “With the Altiris Helpdesk Solution, we have given our users control,” Brimacombe explains. “They can log their own requests all through the web portal. We then instantly email them a job number, priority of the call, and service level associated with it.”

He continues: “Most of our users didn’t even know there were service level agreements for IT helpdesk requests.” As a result, by understanding the service levels attached to their request, end users know what to expect in terms of a response—particularly when they will receive an actual response.

“One of the reasons end users thought the previous helpdesk system was a failure,” Brimacombe says, “was that it was absolutely drowning in calls from users who had submitted a request and wanted to know the status. Now, we have been able to move users to check status online and to pick up the phone only when there is a critical problem. This solution is transforming service delivery and taking away barriers that we had in trying to move forward with our IT strategy. I no longer hear clinicians complain about the helpdesk. In addition, the number of complaints about the performance of individual systems has declined.”

The New Zealand District Health Board

District Health Boards (DHBs) in New Zealand are responsible for providing, or funding the provision of, health and disability services in their district. There are 21 DHBs in New Zealand, which came into existence on January 1, 2001, when the New Zealand Public Health and Disability Act 2000 came into force. The statutory objectives of the DHBs include: (1) improving, promoting, and protecting the health of communities; (2) promoting the integration of health services, especially primary and secondary care services; and (3) promoting effective care or support of those in need of personal health services or disability support.

The DHBs are expected to demonstrate social responsibility by fostering community participation in health improvement and upholding the ethical and quality standards expected of providers of services and public sector organizations. Objectives include promoting the inclusion and participation in society and independence of people with disabilities, reducing health disparities by improving health outcomes for Maori and other population groups, and reducing—towards elimination—health outcome disparities between various population groups.

“Healthcare is the most complex and most challenging IT environment in which I’ve ever worked.”—Phil Brimacombe, CIO, healthAlliance NZ Ltd.

In all, the results for IS helpdesk productivity are impressive. By moving more than 1,600 monthly move or change requests online, the team is able to track and monitor these requests and provide a faster turnaround for requests from end users.

With the IS helpdesk success in the foreground, Brimacombe and his team went in search of other areas where they could leverage the Helpdesk Solution. They found the next challenge to tackle with the payroll department, which manually managed information requests from DHB employees—a time-consuming and inaccurate process. Working with Symantec Consulting Services, the IS team extended the Helpdesk Solution to the payroll department in the summer of 2008. “Correcting payroll errors is vastly simplified and calls are systematically tracked and managed, thereby expediting issue resolution,” Mascarenhas says.

In late 2007, the healthAlliance team added Altiris IT Analytics Solution to the IS helpdesk solution. “As we didn’t have the in-house expertise for the deployment, we engaged Symantec Partner Bay Dynamics for implementation assistance,” Mascarenhas notes. The solution was initially integrated with the IS helpdesk and then extended to the payroll helpdesk when the Helpdesk Solution was rolled out for the payroll department. “The solution has given us a lot of flexibility,” Mascarenhas comments. “We previously had three individuals trained on generating reports with Crystal Report. However, with the IT Analytics Solution, the actual business owners have the ability to create their own reports—both those on the IS and payroll teams.”

Business processes flow downhill with workflow

In May 2008, Brimacombe and his team identified manual workflow processes as their next target. “We currently have a huge number of manual processes such as taking orders for cell phones and requests for software or other services,” Brimacombe explains. “These are a time-consuming task, and we rarely get all of the requisite information the first time around and need to go back to the user to capture additional detail.” He and his team pinpointed two initial areas to address—the helpdesk interaction evaluation process and user software requests—and elected to employ Altiris Workflow Solution as the basis. Symantec Consulting Services worked alongside the IS team to configure both workflow solutions.

“The Workflow Solution provides us with the means to automate all of these low-level activities and keep our resources focused on more complex and difficult tasks,” Brimacombe says. “This is the start of a really exciting journey to improve our service delivery. The higher we can lift the quality of our service delivery, the more we can engage customers in our more strategic programs. It’s a win-win scenario all around. We’ve only scratched the surface with Workflow Solution and are currently looking at five or six other areas for deployment in the next few months.”

Hollywood loses its “exclusivity rights”

Hollywood no longer has exclusivity rights on New Zealand as a place for exceptional uniqueness and inspiration. Indeed, if Brimacombe and his team have their way, it will become just as well known as a source for IT thought leadership and innovation. “We’re only in the initial stages of a fascinating journey, one that will take us to some exciting places,” Brimacombe concludes. And while Brimacombe and his team have already “visited” some interesting sites on their trek, there are many destinations left to see.

Patrick E. Spencer (Ph.D.) is the editor in chief for CIO Digest and the author of a book and various articles and reviews published by Continuum Books and Sage Publications, among others.

Symantec Credits at healthAlliance NZ

> Altiris Service and Asset Management Suite: Asset Management Solution, Helpdesk Solution, and Application Metering Solution
> Altiris IT Analytics Solution
> Altiris Workflow Solution
> Symantec Consulting Services
> Symantec Education Services

Phil Brimacombe is the CIO at healthAlliance NZ

Rachael Joel

Credits on healthAlliance NZ Ltd.

Founded: 2000
District Health Boards Served: Counties Manukau and Waitemata
District Health Boards Facilities: Four hospitals, 70 community and mental health sites, 130 dental school sites
Residents Served: More than 1 million
IT Team: 112 professionals
Website: www.healthAlliance.co.nz

Podcast
Check out the Executive Spotlight Podcast with Phil Brimacombe at go.symantec.com/Brimacombe


Symantec is virtualization.

Reap the benefits of increased flexibility with storage, security, and management software that’s optimized for virtualization.

symantec.com/everywhere


LATIN AMERICA

Continual Transformation
Fresh Opportunities Surfing the Internet’s Waves

By Mark L.S. Mullins

Much has been written about the entrance of the “Millennial Generation” into the workforce. For them, the Internet has been a fact of life since their formative years.

For those of us who did not grow up with the Internet, it is nevertheless difficult to remember how different life was in the days when the (land-line) telephone was the fastest way to reach someone, and the best way to transmit documents was something called the facsimile.

The Internet has indeed transformed how life is lived, and it seems that the Internet transforms itself every few years, providing new challenges and new opportunities.

Building Brazil’s Internet

Paulo Scrideli’s career has mirrored the history of the Internet in Brazil. In 1996, at the age of 24, he was involved in the startup of Universo Online (UOL). “The Internet was not yet in Brazil at the time,” he recalls. “We were in fact a pioneer commercial ISP and content provider in Brazil.”

In those days, Scrideli explains, “one of my first jobs was to create systems that were able to convert information from newspapers to HTML for use on our portal. We had to build the system from the ground up, as there were not specialized tools for this at the time.”

From that auspicious beginning, Scrideli has surfed the Internet wave, taking advantage of new opportunities each time the technology has matured to the next level. After UOL, he operated his own company for two years, helping businesses build their presence on the Web and developing some of Brazil’s first e-commerce sites. As broadband access became more in demand, he helped to launch NetStream, a company that developed “last mile” fiber networks in Brazil’s major cities.

From hosting to outsourcing

When NetStream was sold in 1999, Scrideli and six of his colleagues left to form a new startup, Optiglobe, with the help of U.S. venture capital firms. “Our American partners had a business plan to build Internet data centers and provide hosting services for all of Latin America,” Scrideli explains. “My first mission was to lead the technology infrastructure creation for the data centers.”

After Optiglobe secured $600 million in capital and vendor financing and built massive data centers in São Paulo, Rio de Janeiro, and Buenos Aires, the Internet bubble burst. “We had to reinvent the company to use our data centers’ capacity,” Scrideli remembers. “We converted our non-stop architecture to support mission-critical IT operations for non-Internet related business and started to build an IT outsourcing company.”

Over time, properties outside Brazil were divested and Votorantim Novos Negócios (VNN), which had owned approximately 5 percent of Optiglobe’s total shares, bought a 100 percent stake of the Brazilian operation and began building one of Brazil’s largest outsourcing firms.

TIVIT Essentials

Founded: 2005 as a result of a merger of Proceda and Optiglobe
Headquarters: São Paulo
Employees: 27,000
Total Data Volume: 1.7 petabytes
2007 Revenue: R$750 million BRL ($420 million USD)

Paulo Scrideli, Director of Technology and Solutions, TIVIT

VNN merged Proceda with Optiglobe to form TIVIT in 2005, and TIVIT merged with a BPO over voice company named Telefutura in 2007. Today, the company provides IT solutions integrated with call center and business process outsourcing services to some of the most important firms in Brazil.

And Brazil is just the starting point. In the last two years, TIVIT has signed its first offshore contracts for remote infrastructure management and systems development. “Creating the same kind of differentiation in this new competitive environment is a big challenge,” Scrideli notes.

Managing rapid data growth

TIVIT’s revenues are growing by 50 percent annually, and “our data volume has grown by 180 percent in the past year to 1.7 petabytes,” says Scrideli. “We have no agenda when it comes to hardware and software platforms for our customers’ data. As a result, we look to standardize on infrastructure solutions that are compatible with a variety of systems.”

For data protection, TIVIT standardized on Veritas NetBackup, with a variety of agents and options to optimize backups and provide disaster recovery. The firm has maintained backup-and-restore success rates well over 99 percent while minimizing backup staff time. “Our success depends on our ability to scale efficiently,” Scrideli says, “and NetBackup is an important piece of our strategy.”

Symantec storage management and high availability solutions work together to help TIVIT meet its service level agreements, which promise 99.99 percent availability and provide maximum flexibility for its customers with regard to storage allocation and data migration. “Veritas products from Symantec have enabled us to meet our high standards with relatively simple administration,” asserts Scrideli. “In the typical environments that TIVIT supports, these solutions are necessary to assure the service levels required to win our clients’ business.”

Securing and managing endpoints

TIVIT has standardized on Symantec Endpoint Protection for security for servers, desktops, and laptops. “If a customer wants to use another anti-virus product for their hosted servers, we will let them,” Scrideli relates, “but Symantec is our standard.”

Altiris Client Management Suite helps TIVIT to roll out applications quickly and efficiently across the company, but the solution is even more valuable in the firm’s helpdesk and field services lines of business. By enabling administrators to deploy, manage, and troubleshoot systems remotely, “Altiris helps us be more competitive by allowing our staff to solve more problems remotely and on the first call,” says Scrideli. “Without it, I would have to hire 20 to 30 percent more field service staff.”

A diverse career

Scrideli, who holds Mechanical Engineering and International MBA degrees, has worn a variety of hats over the years at the firms he has served—from operations and support to IT infrastructure and telecommunications, from information security to strategic alliances and marketing.

“In 1996, a 64K link was everything that UOL had available to provide information to thousands of users,” Scrideli recalls. “Now, the scale, the numbers, and the Internet itself are something completely different.” Nowadays, UOL has about 1.7 million subscribers and a monthly average of more than 15 million unique household visitors in Brazil.

“In the same way, eight years ago, it was very difficult to convince CIOs to have their IT environment not 5 or 10 meters from their desk, but rather miles away. Today, a lot of them see the value in having a strategic partnership with a company like ours.”

“The CIO role itself, I believe, is completely different today,” Scrideli adds. “A good CIO today is not just an IT manager, but it’s someone who understands the business and tries to find ways to use IT to create differentiation for the business.”

And you can bet that as things evolve further, Scrideli will be riding the next wave.

Mark L.S. Mullins is a managing editor of CIO Digest and manager of Symantec’s Global Customer Reference Program team.


Serving TIVIT Customers with Symantec Technology

> Veritas NetBackup 6.5
> Veritas Storage Foundation
> Veritas Cluster Server
> Veritas Volume Replicator
> Symantec Endpoint Protection
> Altiris Client Management Suite


NORTH AMERICA

James Yang

Beneficial Change
A Massive IT Consolidation Improves Effectiveness

By Mark L.S. Mullins

“Change” was ubiquitous as a campaign theme in last year’s election cycle in the United States. The concept filled the stump speeches and policy papers of members of both major political parties—for incumbents and challengers alike. For those who were elected on the platform of change, the challenge will be not simply supporting change, but rather implementing beneficial change.

Perhaps more than most states, Michigan’s government has experienced frequent change. Hit hard by the decline of the domestic automobile industry and other types of manufacturing, state budget cuts have occurred several times in recent years, prompting agencies to find innovative ways to do more with less.

Information technology has been a part of these mandates, and the key strategy has been consolidation. In 2001, Gov. John Engler issued an executive order creating the Michigan Department of Information Technology (DIT), a cabinet-level agency devoted to serving the technology needs of each of the state’s departments.

Merging IT processes statewide

“The mandate was to consolidate 19 disparate IT organizations,” recalls Ken Theis, who is now the state’s CIO. “The result was that about 2,300 employees were brought together under one organization—plus the HR functions associated with those workers, all IT contracts, the ownership of the hardware and software, procurement processes, and information security.”

The governor had already experimented with a piece of the IT consolidation puzzle with his 2000 initiative to centralize all state Web services under a revamped Michigan.gov portal. “At the time, every agency had its own Web site with its own look and feel,” says Dan Lohrmann, who led this effort before going on to become the state’s CISO. “The idea was to bring everything together and launch a single portal for the state for e-government.”

The creation of the DIT was a similar but much larger undertaking. “The governor’s strategic objective was twofold,” Theis asserts. “One was to bring efficiencies in doing technology across the 19 agencies, but another was effectiveness. He thought that bringing things together would not only formalize our standard architecture and standardize our processes, but ultimately would result in technology that better supported the goals and objectives of his administration.”

Early challenges

By the time DIT was launched in early 2002, Gov. Engler was less than a year from the end of his final term in office and campaigning was beginning in earnest for the fall election. “There was a significant effort to ensure that we were far enough along that the agency would survive the transition to a new administration,” remembers Patrick Hale, who is now the state’s CTO.

This urgency meant that “time was not taken to properly plan the organizational structure, the key methodologies, and processes,” Theis relates. “This created great anxiety—not only with our 2,300 employees, but most importantly, with our 19 client agencies. Many probably hoped that the new governor would go back to the old model.”

The quick transition also exacerbated problems in supporting the agency’s newly consolidated but very heterogeneous infrastructure. “We centralized before we standardized, and that became a true challenge,” Theis states. “For example, technicians were suddenly fixing PCs in other agencies where they had no understanding of the technical environment and little documentation that they could consult.”

About the same time, the state initiated an early retirement incentive, and more employees than expected took advantage of it. “We lost 320 of our employees—almost 20 percent of our workforce—and were not able to replace them,” Theis recalls.

Getting strategic

Jennifer Granholm won the 2002 election, and despite the change in political parties in the governor’s mansion, “she expressed full support for the overall model very early in her administration, though she also made the commitment to address the real concerns that had been raised by our employees and our client agencies,” says Theis.

Once the new administration signaled its support, the DIT team began assessing how to move forward. “We got a little bit of room to breathe,” Theis recalls, “and we asked, ‘Strategically, how are we going to deal with this?’”

As a result, the change management and strategic planning processes that had been deferred were now able to proceed. These discussions resulted in several key initiatives, including the Secure Michigan initiative and the standardization and consolidation effort known as Michigan One.

Securing Michigan

Lohrmann, who worked for six years at the National Security Agency and has written a book and many articles and blog posts on IT security, led Secure Michigan. He worked with Hale and his team to build security into the IT infrastructure as it was being designed.

“We had to look at things much more as an enterprise, and we had to do a lot of very basic things to get there,” Lohrmann explains. “For example, we had 19 different security policies around acceptable use. We had to formulate to an enterprise-wide PC policy. And we had to make sure that the policy, and the technologies that support it, would still work after everything was consolidated.”

The business needs of the state agencies also had to be considered. “I had a big challenge to be an ‘enabler’ rather than a ‘disabler’ from a security perspective—not just turning things off, but figuring out how to allow them and secure them,” Lohrmann says.

Standardizing security software

One of the first solutions Lohrmann standardized on was Symantec AntiVirus. “It’s been a phenomenal product,” Lohrmann asserts, “and it’s not just the product. When we have state-wide security issues, we need people on the other end of the phone who not only have a global view, but also can zero in on our issues. Symantec has both.”

The state is currently in the process of upgrading to Symantec Endpoint Protection. “With so many people connecting at restaurants and airports, we know that the comprehensive security technologies of Endpoint Protection are the way to go,” Lohrmann says.

The state relies on Symantec Critical System Protection to protect against intrusions on critical servers, and Symantec Security Information Manager to correlate log data from across the state’s systems to provide custom alerts and reports on the state’s security landscape. As part of this implementation, Symantec Consulting Services designed custom data collectors for some of the state’s infrastructure.

For monitoring and reporting on compliance with regulations and standards, Lohrmann’s team has relied on Symantec Enterprise Security Manager for several years, which is now integrated with Symantec Control Compliance Suite 9.0. “It would be impossible for my staff to keep up with reporting and compliance remediation if we didn’t have Symantec’s automation tools,” Lohrmann contends, “and I’m looking forward to using the enhanced features of the integrated product.”

Podcast
Check out the Executive Spotlight Podcast with the Michigan DIT team at go.symantec.com/StateofMI


Consolidating the infrastructure

While Lohrmann was standardizing security operations, Hale was busy helping to plan and implement Michigan One—first as a consultant, and later as a state employee. “The first year or two,” he remembers, “Michigan One was heavily focused on securing our network. But even in that first year, there was work underway to re-architect things. We wanted to make sure that our infrastructure would support our enterprise vision.”

“We’ve got 1,400 remote offices,” Hale explains, “and some are located in rural geography with very limited connection capabilities. We had to deal with that infrastructure before we could lay on top of that a standardized solution.”

In 2004, Hale’s team began moving systems into consolidated data centers. “As we did so,” Hale relates, “we began to find architectural details that we didn’t like, and we had to shut down some systems. This made some things inconvenient for state users. However, the risk that was unknowingly being taken outweighed the benefits.”

Nurturing relationships

At the time, Theis was DIT’s agency services deputy director, responsible for maintaining lines of communication with client agencies. As Hale and Lohrmann were making these difficult transitions, “my focus was to repair these fractured relationships. I needed to make sure our organization was responsive to the needs of the business.”

As functions were disabled or changed as a part of the consolidation process, Theis met with affected agency directors to find appropriate workarounds or process changes. “In retrospect, Ken’s role was key at the time,” Lohrmann asserts. “We could not have pulled things off as quickly or smoothly without the buy-in that he was negotiating.”

An emergency with backups

In 2005, Hale’s team accelerated its consolidation efforts, closing 32 data centers in the Lansing area alone and consolidating them into three centralized centers. “At the time, we also brought in a number of legacy backup solutions,” Hale recalls. “As a result, in late 2005, we started to see backup success percentages getting into the low 70s. That’s a whole lot of backups failing every night, literally into the hundreds.”

Due to its reliability and compatibility with a variety of systems, Veritas NetBackup had already been selected as the state’s backup standard. With failed backups putting the state’s two petabytes of data in jeopardy, Hale’s team engaged Symantec Consulting Services to expedite implementation of NetBackup across the enterprise. In addition, a new SAN solution from Symantec Partner EMC was deployed concurrently.

“Today, we’re successfully executing 21,000 backup jobs a week,” Hale reports. “We have now gone almost a year since we have had any backup fail for multiple nights, and our backup success rate is now at 98 percent. Further, our restore rate with NetBackup is 100 percent. The product’s scalability and ease of use allowed us to save about $250,000 annually in backup administrator time.”

Michigan One: Symantec Solutions

> Veritas NetBackup 6.5
> Symantec Critical System Protection
> Symantec Security Information Manager
> Symantec Enterprise Security Manager (now a part of Symantec Control Compliance Suite)
> Symantec Endpoint Protection (implementation in process)
> Symantec Network Access Control (implementation in process)
> Symantec Consulting Services
> Symantec Business Critical Services

Three of the leaders of Michigan’s Department of Information Technology (from top to bottom): Dan Lohrmann, Deputy Director and CISO; Patrick Hale, Deputy Director Infrastructure Services and CTO; Ken Theis, Director and CIO.

Michael Schimpf

Assessing the State of Michigan

Admitted to U.S. Union: 1837
2007 Population (est.): 10,071,822
State Employees: 55,000
DIT Employees: 1,700
Governor: Jennifer Granholm

Well-deserved recognition

While a number of states have undertaken IT consolidation projects in recent years, Michigan was among the first, and the team has received many awards over the years for its efforts. The state received three awards for excellence in information technology at the National Association of State Chief Information Officers (NASCIO) last September—with awards for the Michigan.gov Web site, the data center migration project, and the information security and privacy project.

Regarding efficiency, the numbers speak for themselves. DIT’s workforce today is just over half of what it was in 2002. “When we consolidated,” Theis explains, “we had around 2,300 employees and 2,300 contractors. Today, we have 1,700 employees and 800 contractors.”

Yet everyone involved would assert that these efficiencies were accompanied by a significant increase in the breadth and quality of IT services over the past seven years. “Ironically, IT is tied more strategically to the business needs of each agency today than when each department had its own IT shop,” Hale quips.

A place at the table

“When governors put their strategic plans together,” Theis explains, “IT organizations usually struggle to even get into the room. Our organization actually helps the governor facilitate that process through our 19 client agencies. It gives us tremendous insight into the critical capabilities, goals, and objectives of the organization—and it helps us align our organization toward helping them achieve those objectives.”

“I think we were very fortunate,” Theis concludes. “Both governors really saw the vision of how can we better utilize technology to transform state government. I think that’s why Gov. Engler was so passionate about putting it in place before he left. Then, Gov. Granholm understood the true value of IT as a strategic tool to help her accomplish the things that are important to her administration.”

And those are changes that you can believe in.

Mark L.S. Mullins is a managing editor of CIO Digest and manager of Symantec’s Global Customer Reference Program team.

Change Management: Repairing a Moving Vehicle

In 2002, Patrick Hale was a managing partner in a consulting firm that specialized in technology integration and change management during mergers and acquisitions, with a client list that included large financial services and pharmaceutical firms. A graduate of Michigan State University, just a few miles from the capitol, Hale had been an entrepreneur since finishing his studies, and supplemented his education at “the school of hard knocks.”

When the state retained him as a consultant to help organize the new Department of Information Technology (DIT), he immediately understood the enormity of the task at hand. “I describe it in private sector terms,” Hale says. “If you compare the state to a company and what it spends on IT, the State of Michigan is approximately a Fortune 24 company—with 19 separate lines of business. Literally overnight, they combined those 19 divisions and moved all the people, all the processes, and all the support into one organization.”

While the organizational change happened overnight, the physical, cultural, and process changes took much longer. “For the first year,” Hale recalls, “it was nothing more than just trying to deal with the operational challenges and keep things moving without too much disruption.”

In the first and second years, “we got folks to work chipping away at these challenges. And once we began making tangible progress, it got easier and easier to move to the next step”—including the massive consolidation of data centers completed in 2005.

Symantec Business Critical Services has been a key partner during this time of transition. “It has been invaluable as we have dealt with merging many systems together. Our folks call our Business Critical Account Manager when the chips are down. Inevitably that partnership is there when it matters the most.”

The work has been fulfilling for Hale. “A little over four years ago, I woke up one day and found myself a state employee,” he quips. You wouldn’t expect a natural entrepreneur to feel at home in state government, “but I’ve really been able to be as entrepreneurial here as anywhere.”


Patrick Hale, Deputy Director Infrastructure Services and CTO, Michigan Department of Information Technology

Michael Schimpf


INDEX

The following companies, products, organizations, and institutions appear in this issue of CIO Digest:

Accenture
Australian Overland Telegraph Line
Bay Dynamics
Behavioral Protection
Centre for the Protection of National Infrastructure
County Manukau District Health Board
County Waitemata District Health Board
du
EMC
Energy Market Company
Enterprise Management Associates
Ferrari
FORTUNE
Hay Group
healthAlliance NZ Ltd.
Information Risk Management
International Legal Technology Association
Insight Research
IP Convergence
IT GRC
IT Policy Compliance Group
Kidslink Wellchild Project
Lightweight Directory Access Protocol
Michigan Department of Information Technology
Michigan One
Microsoft Exchange Server
Microsoft Office SharePoint Server
Molina Healthcare
National Association of State Chief Information Officers
NetStream
New Zealand District Health Board
OptiGlobe
Piaggio Aero S.p.A.
“Prancing Horse” Logo
Software as a Service
State of Michigan
Swisscom IT Services
Telstra
The Chronicles of Narnia
The Last Samurai
The Lord of the Rings
The Alchemy Solutions Group
TIVIT
Universo Online
Visiting Nurse Service of New York
Votorantim Novos Negócios


The following Symantec products, services, and solutions, as well as topics, appear in this issue of CIO Digest:

Altiris Application Metering Solution: 27
Altiris Asset Management Solution: 27, 28
Altiris Client Management Suite: 20, 21, 31
Altiris Helpdesk Solution: 20, 21, 27, 28
Altiris IT Analytics Solution: 28
Altiris Service and Asset Management: 27, 28
Altiris Workflow Solution: 28
Blast Off with Norton: 4
MessageLabs: 5-6
Network Intrusion Protection: 4
Norton 2009: 4
SONAR: 8
Symantec AntiVirus: 33
Symantec Brightmail Gateway: 5, 8
Symantec Browser Defender: 4
Symantec Business Critical Services: 12, 34, 35
Symantec Consulting Services: 12-13, 23, 24, 27, 28, 34
Symantec Control Compliance Suite: 5, 20, 21, 33, 34
Symantec Critical System Protection: 33, 34
Symantec Data Loss Prevention: 5, 8, 21
Symantec Education Services: 28
Symantec Endpoint Protection: 8, 16, 19, 20, 31, 33, 34
Symantec Enterprise Security Manager: 33, 34
Symantec Enterprise Vault: 5, 6, 8, 12-13, 17, 20, 24
Symantec Enterprise Vault Discovery Accelerator: 6, 13
Symantec Enterprise Vault Microsoft Exchange Journaling: 13
Symantec Enterprise Vault PST Migrator: 20, 24
Symantec Managed Security Services: 15
Symantec Multi-tier Protection: 24
Symantec Network Access Control: 15, 20, 34
Symantec PartnerEngage: 4
Symantec Premium AntiSpam: 22, 24
Symantec Report on the Underground Economy: 8
Symantec Security Information Manager: 15, 19, 33, 34
Symantec Security Operations Center: 5
Symantec Technology Security and Response: 5, 8
Veritas Backup Reporter: 17
Veritas Cluster Server: 12-13, 16, 17, 31
Veritas CommandCentral Storage: 17
Veritas NetBackup: 12-13, 16, 21, 23, 31, 34, 35
Veritas NetBackup PureDisk: 21
Veritas Storage Foundation: 31
Veritas Storage Foundation HA: 12-13, 16
Veritas Storage Foundation Cluster File System: 12-13
Veritas Volume Replicator: 31


© 2008 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Symantec is everywhere.

From antivirus to virtualization. From enterprise data center management to laptop protection. Symantec offers an integrated portfolio of software solutions to help you secure and manage all the assets of your information-driven world. Take control today.

symantec.com/everywhere

Printed on Recycled Paper